我在springboot中使用swaggerui来表示交互式rest端点。不过,知道swaggerui网址的人都可以访问它。是否有任何标准的方法来限制用户登录或密钥的招摇用户界面访问?我还使用jwt授权来保护rest端点。
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable().exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests()
.antMatchers("/api/shop/charity/details/**").permitAll().antMatchers("/api/shop/all/details/**")
.permitAll()
.antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/security",
"/swagger-ui.html", "/webjars/**")
.permitAll()
.anyRequest().authenticated();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(customeUserDetailService);
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
return bCryptPasswordEncoder;
}
private ApiKey apiKey() {
return new ApiKey("jwtToken", "Authorization", "header");
}
@Bean
public Docket api() {
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(RequestHandlerSelectors.basePackage("com.test.controller"))
.paths(PathSelectors.any())
.build().apiInfo(testAPI()).securitySchemes(Arrays.asList(apiKey()));
}
private ApiInfo testAPI() {
return new ApiInfoBuilder()
.title("REST API")
.description("\"Sixty REST API \"")
.version("2.0.0")
.license("Apache License Version 2.0")
.licenseUrl("https://www.apache.org/licenses/LICENSE-2.0\"")
.build();
}
@Override
protected void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("swagger-ui.html")
.addResourceLocations("classpath:/META-INF/resources/");
registry.addResourceHandler("/webjars/**")
.addResourceLocations("classpath:/META-INF/resources/webjars/");
}
暂无答案!
目前还没有任何答案,快来回答吧!